Back

Operators beware: DDoS attacks—large and small—keep increasing

Posted By

Fierce Telecom

On

June 6, 2017

Despite years’ worth of warnings and countermeasures, distributed denial of service (DDoS) attacks continue to escalate. Every year sees more of them, with increasing duration and severity.

The frequency was up by 380% in the first quarter of 2017 compared to the first quarter of 2016, according to Nexusguard, which compiled this set of statistics (PDF) in a new report. From the fourth quarter of 2016 to the first quarter of 2017, HTTP attack counts and total attack counts increased by 147% and 37% respectively.

Examples of increasing severity include a 275 Gbps attack that took place during Valentine’s Day (there have been significantly larger attacks) and an attack spanning 4,060 minutes that occurred over the Chinese New Year, the company said.
 
The percentage of days with sizable attacks (larger than 10Gbps) grew appreciably within the quarter for 48.39% in January to 64.29% in March.

Lengthier attacks at erratic intervals are becoming the norm, the company said.

A separate, simultaneously published report from Corero Network Security said its customers have been hit by an increasing number of small DDoS attacks. Though attacks of 10 Gbps or smaller would seem less severe, what’s insidious about them is that they are apt to sneak under minimum detection thresholds. Though the DDoS attacks themselves might not be that disruptive, they can give hackers the access to wreak plenty of other damage.

Corero CEO Ashley Stephenson said in a statement, “Short DDoS attacks might seem harmless, in that they don't cause extended periods of downtime. But IT teams who choose to ignore them are effectively leaving their doors wide open for malware or ransomware attacks, data theft or other more serious intrusions. Just like the mythological Trojan Horse, these attacks deceive security teams by masquerading as a harmless bystander—in this case, a flicker of internet outage—while hiding their more sinister motives.”

Nextguard believes part of the increase in DDoS activity is a ripple effect of increased botnet activity that occurred in the fourth quarter.

This is in part a reference to the Mirai botnet, which was first identified in the latter half of 2016. Mirai provided a means to take over connected devices with inadequate built-in security safeguards (webcams, some set-top boxes, etc.), and use them to launch sustained attacks, sometimes with spectacular results.

Those attacks revealed the Achilles' heel in the internet of things: Many IoT applications are based on the distribution of large numbers of very inexpensive devices, which can be made so cheaply in part by adopting only minimal security, if any.

The DDoS problem is worldwide, but nearly a quarter of the attacks are launched from the U.S. (followed by China and Japan). That’s likely to remain the case, as more U.S. households install “smart” devices that have poorly guarded IP addresses, making them susceptible to hijacking in the service of more DDoS attacks.

"IoT botnets are only the beginning for this new reign of cyberattacks. Hackers have the scale to conduct gigantic, continuous attacks; plus, teams have to contend with attacks that use a combination of volumetric and application aspects," said Nexusguard CTO Juniman Kasman, in a statement.

The two largest sources of DDoS attacks were China and Japan, with Russia a distant third.

The release of such results is meant to emphasize what should be obvious: companies that haven’t upgraded their security are the most vulnerable.